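#!/bin/sh
#
# $Id: /usr/local/bin/adsearch.sh 0.01 2003/08/20 18:56:47 corvax Exp $
#
# Check whether a mail address exists in the directory by searching the
# proxyAddresses attribute on each configured LDAP server.
#
# Usage: adsearch.sh <address>
#
# Add this line to /usr/local/etc/openldap/ldap.conf:
# BASE dc=domain, dc=com, dc=ua
#
# Exit status, as set by the code below:
#   100  a matching entry was found, OR the lookup failed (bad credentials,
#        server unreachable, unrecognised error)
#   0    the last server queried returned no matching entry ("User unknown")
# NOTE(review): every failure path ends in exit 100, the same code as a
# successful match, so a directory outage is indistinguishable from "recipient
# exists" for the caller. Confirm this is what the mail-server hook expects.
#
# Disabled debug log. If it is re-enabled, do not write to a fixed name in
# /tmp (any local user can pre-create or symlink it); use a private log dir.
# echo `date` $* >> /tmp/adsearch.log

debug=
ldap_servers="10.0.0.99 10.0.0.4"
# Bind identity in DN form; unused because the UPN form below replaced it.
# ldap_login="cn=ldapuser,cn=Users,dc=domain,dc=com,dc=ua"
ldap_login="ldapuser@domain.com.ua"
# NOTE(review): the bind password lives in this file and is handed to
# ldapsearch as a -w argument, so it is readable by anyone who can read the
# script or list processes while a lookup runs. Keep the file mode restrictive
# and consider ldapsearch's -y <password-file> option instead.
ldap_password="XXXXXX"
addr=$1

#recipient_ok=0
recipient_ok=100
user_unknown=55
auth_failed=2
cannot_contact_server=3
# Returned for ldapsearch output that is neither an entry nor a known error.
lookup_error=1

# Escape the characters that are special in an LDAP search filter (RFC 4515)
# so the address is always matched as a literal value.
# Arguments: $1 - raw value
# Outputs:   escaped value on stdout
ldap_escape() {
  printf '%s' "$1" |
    sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Look up one address on one LDAP server.
# Arguments: $1 - server, $2 - bind login, $3 - bind password, $4 - address
# Outputs:   "Recipient Ok" on stdout when an entry is found
# Returns:   user_unknown, auth_failed, cannot_contact_server or lookup_error;
#            on a match it does not return but exits with recipient_ok.
check_addr() {
  server=$1
  login=$2
  password=$3
  addr=$4

  if test -n "${debug}"; then
    echo "server=${server}"
    echo "login=${login}"
    # The password is deliberately not echoed, even in debug mode.
    echo "password=<redacted>"
    echo "addr=${addr}"
    echo ""
  fi

  # The address comes from outside; unescaped, a value such as "*" or one
  # containing parentheses would change the filter instead of being matched.
  filter="proxyAddresses=smtp:$(ldap_escape "${addr}")"

  # NOTE(review): -x with -h is a simple bind over plain LDAP, so the password
  # crosses the network unencrypted. Consider -ZZ (require StartTLS) or an
  # ldaps:// URI via -H if the servers support it.
  RC=$(/usr/local/bin/ldapsearch -x -h "${server}" -LLL -D "${login}" \
    -w"${password}" "${filter}" 2>&1 | grep -v '^#' | grep -v '^$')

  if test -n "${debug}"; then
    printf '%s\n' "${RC}"
  fi

  # With -LLL every returned entry starts with a "dn:" line. Requiring it
  # keeps arbitrary error text (stderr is merged in above) from being
  # reported as a valid recipient.
  if printf '%s\n' "${RC}" | grep -q '^dn:'; then
    echo "Recipient Ok"
    exit "${recipient_ok}"
  fi

  if test -z "${RC}"; then
    return "${user_unknown}"
  fi

  case ${RC} in
    *"Invalid credentials"*) return "${auth_failed}" ;;
    *"Can't contact LDAP server"*) return "${cannot_contact_server}" ;;
  esac
  return "${lookup_error}"
}

# An empty address cannot match anything; skip the directory round trip.
if test -z "${addr}"; then
  echo "User unknown"
  exit 0
fi

# Query every server; check_addr exits on the first match, so reaching the
# end of the loop means no server returned an entry. The status of the last
# server queried decides the message below.
status=${lookup_error}
for server in ${ldap_servers}; do
  check_addr "${server}" "${ldap_login}" "${ldap_password}" "${addr}"
  status=$?
done

# Numeric comparison with spaces around the operator: the previous
# [ "a"=="b" ] form is a single non-empty word and was therefore always true.
if [ "${status}" -eq "${user_unknown}" ]; then
  echo "User unknown"
  exit 0
elif [ "${status}" -eq "${auth_failed}" ]; then
  echo "LDAP authentication failed"
elif [ "${status}" -eq "${cannot_contact_server}" ]; then
  echo "Can not contact LDAP server"
else
  echo "Unknown error"
fi

# It must be present in case of sendmail behaviour
exit 100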